Last September, an unidentified hacker obtained and released thousands of e-mail addresses, user names and passwords belonging to registered users of a website featuring hardcore pornographic contents, constituting a massive breach of users’ privacy rights.

According to the BBC and other sources, the data was stolen from the site known as Brazzersforum in 2013, but it was not until September 2016 the hacker posted this information online, violating the privacy rights of the users. Headquartered in Canada, Brazzersforum and Brazzers legally distribute photographs and videos of a sexual nature to paying customers.

User names and passwords were not the only things compromised. The Independent reports the data dump made it possible to access private conversations and comments expressed on the forum pertaining to the explicit nature of the site's contents.

The exposure actually appears to have been leaked from the Brazzersforum site, where viewers discussed their favourite scenes and performers.

However the site's privacy policy might be regarded as lenient and underprotective of subscribers’ rights. As seen in the excerpt below, the company reserves the right to share “any of the personal information” it has gathered with “affiliated or unaffiliated third parties”:

By the subscriber's use of the site, the subscriber expressly agrees that the site may, in its sole discretion share, disclose, transfer, rent, license or sell any of the personal information about subscribers that it has gathered or collected with affiliated or unaffiliated third parties.

Up until now, no privacy watchdog – to the best of our knowledge – has publicly condemned the leak or initiated an investigation into the matter.

Transfer of personal data without written consent, particularly sensitive data regarding sexual preferences, is illegal in some countries, such as Mexico. The European Union also has laws governing the transfer of personal data and mandates special precautions to be taken when the handover is made. In Canada, where Brazzers is incorporated, the Personal Information and Protection of Electronic Documents Act requires companies that collect personal data to disclose how such data will be used, and offers users clear avenues to remedy for violations of their privacy. But it does not strictly regulate the transfer of personal or sensitive data.

Roughly one year before the Brazzers privacy breach, in July 2015, a group identified as “The Impact Team” stole data from the adult social networking system Ashley Madison – targeted to people who are married or in a committed relationship and seek to have an extramarital affair. Tom Lamont wrote earlier this year for The Guardian that the Ashley Madison hack meant the leak of names of over 30 million users:

It’s six months since hackers leaked the names of 30 million people who had used the infidelity website Ashley Madison. Resignations, divorces and suicides followed.

More recently, on November 14, 2016, The Guardian also reported the hack of over 412 milliion accounts from Friend Finder Networks’ pornography and sex hookup sites, marking the second hack they've suffered in just over a year, and one of the largest data breaches ever recorded, according to monitoring firm Leaked Source.

What about the rights of adult film stars?

In 2011, the Adult Industry Medical Health Care Foundation, a US-based organization that testedpornographic actors for HIV and other STDs,investigated the possibility that its medical record database was breached to supply information for a web site called Pornwikileaks.com. This site has been giving out names, dates of births and addresses of thousands of adult film stars, many of whom could face retaliations from their families, friends and the current employers of those who now work in other industries.

Jeffery Douglas, an attorney for the clinic, mentioned at the time:

Accessing a database for improper purposes, violating medical privacy and extortion are all crimes in California.’

In addition to exposing the personal data of adult sites’ users, violations of online privacy rights also reveal gaps in legal protections for customers of websites with a global presence. In cases like these, affected users might hesitate to raise their voices, in order to avoid further exposure and shame once their online interactions or sexual preferences have been divulged.

1 comment

Great story and good questions! For so many people sexual content is their biggest “secret” web activity, but because of it’s shadowy nature, porn has some of the worst security out there. The problematic advertising alone is a nightmare, pushing cautious users to great lengths of digital profilaction before even venturing into the sexual web.

Even basics like enabling HTTPS by default for porn sites is so often missing!